Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE launches first time ok but any attempt thereafter to search/browse results in diversion to porn page above. I have reviewed post from jimmccloy dated May27 2005 and have managed to load HijackThis, and have run it looking for entries per this post, but couldn't find any matching entries on my scan log. I have deleted a few entries which looked unusual and re-booted system OK but still redirected to porn site. Current Log is as below.
(I did have Spybot and Ad-Aware loaded but another user of my computer deleted them by mistake as malware...I am attempting to re-load via USB key)

I would be glad to help you with your computer problems.
HijackThis logs take awhile to research. Please be patient with me. I know that you want your problems solved quicky, and I will work hard to help you.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.

You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Read this instructions carefully and feel free to ask if you're unsure about something

1. Restart your computer. As your computer restarts, repeatedly press the F8 key on your keyboard until the Windows Advanced Options menu appears.
2. Use the arrow key to select Safe Mode, and then press ENTER.
3. Use an arrow key to select an operating system and press ENTER.
4. When prompted whether you want your Windows to run in safe mode, click Yes.

Next

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\windows\system32\hgfedcba.exe

Exit the Task Manager when finished.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

Hi Mat, thanks for the help. I'm not at the computer with the problem at the moment so can't carry out your instructions but will try a bit later when I get home from work.

re the deleting of the Host details for esg.eastrenfrewshire.gov.uk, this entry is set up to facilitate remote access to my work's secure network (we're using a host name until we can get the name registered for DNS) and it's the browser from there that I'm having to use in order to access your site - I can't get to this site from my own machine because of the redirection problem. So if I delete it I won't be able to communicate with you from my home machine. (I'm currently investigating ways of loading another browser on to my machine at home at the moment but am not convinced I'll be successful). What would you recommend I do?

Also re the hgfedcba entries, I'm sure I have attempted to delete these in at least 2 of my HijackThis scans but it keeps re-appearing but I will certainly give it another go.

Usually Hosts are areas where nasties redirect you, as you have told me the host in your log is safe then just ignore that line in the fix, with regards to the hgfedcba file that keeps coming back, i'll look into it further and get back to you shortly.

Mat2, success! I followed your instructions but only item you recommended deleteing that I could find was the HKLM entry on the HijackThis log, which I checked and it disappeared this time. I rebooted machine and lauched IE and it worked. Hurrah!!

I have attached my most recent HijackThis log for your information. As a matter of interest, how might I have acquired this problem?I'd like to make sure it doesn't happen again so any advice would be most welcome.

Is it worth switching to another browser, do you think? I also will reload Spybot and Ad-aware now so that I get some more protection.

Spybot is a scanner like adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and pretection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
To see how to set this up as well as more spybot features, see here

Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here

It puts many bad webpages on your restricted zones list. This means that you can still view the "bad" webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
If you need help understanding how it works, there is a tutorial here

o Every version of windows has a hosts file as part of them.
o In a very basic sense, they are used to locate webpages.
o We can customize a hosts file so that it blocks certain webpages.
o However, it can slow down certain computers.
o This is why using a hosts file is optional!!

Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here

If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:

Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below

Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update Site regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Also keep your malware scanning software up to date against the latest nasties

With regards to the questions you asked in your post, how might I have acquired this problem? Well you could have got infected from a variety of sources, the most common ones i think are bogus websites set to look legit which plant a whole host of nasties, Spam Emails with Hyperlinks, which you or someone else click on and in turn you got this, popups which you may have click Ok to close them which inturn infected you, programs with spyware attach, the list can go on.

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.